Message-Id: <20081122024455.B48D35C4E@rho.emma.line.org>
Date: Sat, 22 Nov 2008 03:44:55 +0100 (CET)
From: Matthias Andree
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Subject: ports/129062: [MAINTAINER] security/openvpn-devel: update to -rc15
List-Id: Ports bug reports

>Number:         129062
>Category:       ports
>Synopsis:       [MAINTAINER] security/openvpn-devel: update to -rc15
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Sat Nov 22 03:20:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Matthias Andree
>Release:        FreeBSD 7.0-RELEASE-p5 i386
>Organization:
>Environment:
System: FreeBSD rho.emma.line.org 7.0-RELEASE-p5 FreeBSD 7.0-RELEASE-p5 #10: Thu Nov 6 02:12:42 CET
>Description:
update to -rc15.

Upstream changelog:
-------------------------------------------------------
2008.11.19 -- Version 2.1_rc15

* Fixed issue introduced in 2.1_rc14 that may cause a segfault when
  a --plugin module is used.

* Added server-side --opt-verify option: clients that connect with
  options that are incompatible with those of the server will be
  disconnected (without this option, incompatible clients would
  trigger a warning message in the server log but would not be
  disconnected).

* Added --tcp-nodelay option: Macro that sets TCP_NODELAY socket flag
  on the server as well as pushes it to connecting clients.

* Minor options check fix: --no-name-remapping is a server-only
  option and should therefore generate an error when used on the
  client.

* Added --prng option to control PRNG (pseudo-random number
  generator) parameters. In previous OpenVPN versions, the PRNG was
  hardcoded to use the SHA1 hash. Now any OpenSSL hash may be used.
  This is part of an effort to remove hardcoded references to a
  specific cipher or cryptographic hash algorithm.

* Cleaned up man page synopsis.

2008.11.16 -- Version 2.1_rc14

* Added AC_GNU_SOURCE to configure.ac to enable struct ucred, with
  the goal of fixing a build issue on Fedora 9 that was introduced
  in 2.1_rc13.

* Added additional method parameter to --script-security to preserve
  backward compatibility with system() call semantics used in
  OpenVPN 2.1_rc8 and earlier. To preserve backward compatibility
  use:

    script-security 3 system

* Added additional warning messages about --script-security 2 or
  higher being required to execute user-defined scripts or
  executables.

* Windows build system changes: (...)

* Extended Management Interface "bytecount" command to work when
  OpenVPN is running as a server. Documented Management Interface
  "bytecount" command in management/management-notes.txt.

* Fixed informational message in ssl.c to properly indicate deferred
  authentication.

* Added server-side --auth-user-pass-optional directive, to allow
  connections by clients that do not specify a username/password,
  when a user-defined authentication script/module is in place (via
  --auth-user-pass-verify, --management-client-auth, or a plugin
  module).

* Changes to easy-rsa/2.0/pkitool and related openssl.cnf:

  Calling scripts can set the KEY_NAME environmental variable to set
  the "name" X509 subject field in generated certificates.

  Modified pkitool to allow flexibility in separating the Common
  Name convention from the cert/key filename convention. For
  example:

    KEY_CN="James's Laptop" KEY_NAME="james" ./pkitool james

  will create a client certificate/key pair of james.crt/james.key
  having a Common Name of "James's Laptop" and a Name of "james".

* Added --no-name-remapping option to allow Common Name, X509
  Subject, and username strings to include any printable character
  including space, but excluding control characters such as tab,
  newline, and carriage-return (this is important for compatibility
  with external authentication systems).

  As a related change, added --status-version 3 format (and
  "status 3" in the management interface) which uses the version 2
  format except that tabs are used as delimiters instead of commas
  so that there is no ambiguity when parsing a Common Name that
  contains a comma.

  Also, save X509 Subject fields to environment, using the naming
  convention:

    X509_{cert_depth}_{name}={value}

  This is to avoid ambiguities when parsing out the X509 subject
  string since "/" characters could potentially be used in the
  common name.

* Fixed some ifconfig-pool issues that precluded it from being
  combined with --server directive.

  Now, for example, we can configure thusly:

    server 10.8.0.0 255.255.255.0 nopool
    ifconfig-pool 10.8.0.2 10.8.0.99 255.255.255.0

  to have ifconfig-pool manage only a subset of the VPN subnet.

* Added config file option "setenv FORWARD_COMPATIBLE 1" to relax
  config file syntax checking to allow directives for future OpenVPN
  versions to be ignored.
-------------------------------------------------------

Generated with FreeBSD Port Tools 0.77
>How-To-Repeat:
>Fix:

--- openvpn-devel-2.1.r15.patch begins here ---
diff -ruN --exclude=CVS /usr/ports/security/openvpn-devel/Makefile /usr/home/emma/ports/security/openvpn-devel/Makefile --- /usr/ports/security/openvpn-devel/Makefile 2008-10-11 16:00:52.000000000 +0200 +++ /usr/home/emma/ports/security/openvpn-devel/Makefile 2008-11-22 03:33:59.000000000 +0100 
@@ -6,7 +6,7 @@ # PORTNAME= openvpn -DISTVERSION= 2.1_rc13 +DISTVERSION= 2.1_rc15 CATEGORIES= security net MASTER_SITES= http://openvpn.net/release/ PKGNAMESUFFIX= -devel diff -ruN --exclude=CVS /usr/ports/security/openvpn-devel/distinfo /usr/home/emma/ports/security/openvpn-devel/distinfo --- /usr/ports/security/openvpn-devel/distinfo 2008-10-11 16:00:52.000000000 +0200 +++ /usr/home/emma/ports/security/openvpn-devel/distinfo 2008-11-22 03:34:52.000000000 +0100 @@ -1,3 +1,3 @@ -MD5 (openvpn-2.1_rc13.tar.gz) = 7f9637cab862579e99666d4cb98d853b -SHA256 (openvpn-2.1_rc13.tar.gz) = d8c1e7c9b04ca2577d90048d723f6613744f818c75eaeb66d47ba1158f20b993 -SIZE (openvpn-2.1_rc13.tar.gz) = 825890 +MD5 (openvpn-2.1_rc15.tar.gz) = 14a35b05c5a16292d149592d1dad0302 +SHA256 (openvpn-2.1_rc15.tar.gz) = 66cfe347da6ab29ae39c80527714079cdb5699fdf453f7e031dd2ec0172d13a5 +SIZE (openvpn-2.1_rc15.tar.gz) = 833429 --- openvpn-devel-2.1.r15.patch ends here --- >Release-Note: >Audit-Trail: >Unformatted:
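
Review bot: In the Makefile hunk, the unchanged context line MASTER_SITES= http://openvpn.net/release/ means the rc15 tarball named by the new DISTVERSION is still fetched over plain HTTP, so nothing in transit authenticates it and the distinfo values are the only integrity control. If upstream publishes the release over an authenticated channel or with a detached signature, it would be worth checking the tarball against that before this lands, and saying in the PR that it was done.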
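
Review bot: In the distinfo hunk, the MD5 line adds no assurance against a substituted tarball; only the SHA256 and SIZE lines carry weight, and all three were generated on the submitter's machine (the /usr/home/emma/ports tree) from the HTTP download. Before committing, the committer should fetch openvpn-2.1_rc15.tar.gz independently and confirm that the SHA256 and the SIZE of 833429 match, rather than accepting the submitted values as they stand.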
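
The --status-version 3 item in the quoted changelog, illustrated with an added example that is not part of the PR or of OpenVPN: a positional parser misattributes fields when a Common Name contains a comma in the comma-delimited format, while the tab-delimited format parses cleanly. The CLIENT_LIST column layout and the sample record are assumptions constructed for this illustration.

```python
# Added illustration; column layout and sample values are constructed.
HEADER_FIELDS = [
    "Common Name", "Real Address", "Virtual Address", "Bytes Received",
    "Bytes Sent", "Connected Since", "Connected Since (time_t)",
]


def make_line(delim, cn):
    """Build one constructed CLIENT_LIST record with the given delimiter."""
    values = [cn, "198.51.100.7:1194", "10.8.0.6", "4096", "8192",
              "Sat Nov 22 03:20:01 2008", "1227324001"]
    return delim.join(["CLIENT_LIST"] + values)


def naive_parse(line, delim):
    """Positional split with no validation: fields shift silently when the
    delimiter also occurs inside the Common Name."""
    return dict(zip(HEADER_FIELDS, line.split(delim)[1:]))


def parse_client_list(line, delim):
    """Strict parse: return None when the field count does not match the
    header, so a shifted record is rejected instead of trusted."""
    tag, *fields = line.rstrip("\n").split(delim)
    if tag != "CLIENT_LIST" or len(fields) != len(HEADER_FIELDS):
        return None
    return dict(zip(HEADER_FIELDS, fields))


if __name__ == "__main__":
    cn = "Doe, John"  # a name that --no-name-remapping would allow
    comma_line = make_line(",", cn)   # version 2 style delimiter
    tab_line = make_line("\t", cn)    # version 3 style delimiter
    print("naive, comma :", naive_parse(comma_line, ","))
    print("strict, comma:", parse_client_list(comma_line, ","))
    print("strict, tab  :", parse_client_list(tab_line, "\t"))
```

Anything that keys access decisions or audit logs on the parsed Common Name should use the strict form and treat a rejected record as an error.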